Sinister Android app poses as major brand but could empty your bank

People who own an Android phone have been warned over a sinister piece of software that is disguising itself as a legitimate antivirus app.

The almost cruel masquerading act will see your phone infected by clicking on the app that you believe is going to help keep your phone free of viruses.

And it is sadly not a new phenomenon, with this kind of fake app scam being first spotted back in early 2021. It joins a very long list of ways scammers try and take over your phone, with one recent warning coming via WhatsApp.

By clicking on the new version of what is known as an Android banking trojan, you will open up your phone and its data to hackers who will then take your data and could even then empty your bank account with the details they've acquired.

Cybersecurity researchers from NCC Group’s Fox-IT were the first to warn about this kind of software.

Explaining, they said a new version the Vultur banking trojan has been detected with some significant changes to how it targets victims since first being spotted three years ago.

Nikolas Kokovlis/NurPhoto via Getty Images

They explain that previous versions of the Vultur banking trojan were found put on to peoples' phones via apps that were smuggled on to the Google Play Store.

Now, the updated app combines something called smishing - which is where you are sent fake mobile text messages to trick you in to downloading malware - and legitimate apps.

Reports have said one version of the malware portrays it to look like McAfee, a legitimate antivirus software you can download on to your phone to keep it safe.

Cyber-criminals will target a victim by sending them a warning of an unauthorised payment from their accounts.

Joan Cros/NurPhoto via Getty Images

To fix it, you're then sent a phone number to call.

But this is a scam where the victims who take the bait are then told to download a rogue version of the McAfee Security app from the Play Store.

The apps are loaded on to the Play Store via a malware dropper called Brunhilda, which puts three kinds of malware on to your device in an attempt to try and take control of your phone.

Getty Stock Images

Those who fall victim will find their phones screen recorded by hackers, your keyboard tracked so as to know your passwords, and remote access of your device from anywhere in the world.

A Google spokesperson told BleepingComputer: "Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services.

"Google Play Protect can warn users or block apps known to exhibit malicious behaviour, even when those apps come from sources outside of Play."